[Japanese]

JVNDB-2008-001043

X.Org Foundation X server buffer overflow vulnerability

Overview

X server provided by the X.Org Foundation contains a buffer overflow vulnerability.

The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow.

X.Org Foundation released the X.Org security advisory on January 17, 2008, and CERT/CC released VU#203220 on March 19, 2008 regarding this vulnerability issue.

Takuya Shiozaki of CODE blog (codeblog.org) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 7.4 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single Instance
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


Canonical
  • Ubuntu 6.06-lts
  • Ubuntu 6.10
  • Ubuntu 7.04
  • Ubuntu 7.10
Fedora Project
  • Fedora 7
  • Fedora 8
Gentoo Foundation, Inc.
  • Gentoo Linux x11-base/xorg-server 1.3.0.0-r5
  • Gentoo Linux x11-libs/libXfont 1.3.1-r1
IBM Corporation
  • IBM AIX 5.2
  • IBM AIX 5.3
  • IBM AIX 6.1
Mandriva, Inc.
  • Mandriva Linux XFree86 CS3.0
  • Mandriva Linux xorg-x11 CS4.0
OpenBSD
  • OpenBSD 4.1
  • OpenBSD 4.2
openSUSE project
  • openSUSE 10.2
  • openSUSE 10.3
SUSE
  • Novell Linux Desktop 9
  • Novell Linux POS 9
  • Open Enterprise Server
  • SLE SDK 10
  • SUSE LINUX 10.1
  • SUSE Linux Enterprise Desktop 10
  • SUSE Linux Enterprise Server 10
  • SUSE Linux Enterprise Server 8
  • SUSE SLES 9
X.Org Foundation
  • X.Org X11 1.4 and earlier
XFree86 Project
  • XFree86 4.7.99.14 and earlier
Apple Inc.
  • Apple Mac OS X v10.4.11
  • Apple Mac OS X v10.5.2
  • Apple Mac OS X Server v10.4.11
  • Apple Mac OS X Server v10.5.2
Sun Microsystems, Inc.
  • Sun Solaris 10 (sparc)
  • Sun Solaris 10 (x86)
  • Sun Solaris 8 (sparc)
  • Sun Solaris 8 (x86)
  • Sun Solaris 9 (sparc)
  • Sun Solaris 9 (x86)
Hewlett-Packard Development Company, L.P
  • HP-UX 11.11
  • HP-UX 11.23
  • HP-UX 11.31
MIRACLE LINUX CORPORATION
  • Asianux Server 3 (x86)
  • Asianux Server 3 (x86-64)
  • Asianux Server 2.0
  • Asianux Server 2.1
  • Asianux Server 4.0
  • Asianux Server 4.0 (x86-64)
  • Asianux Server 3.0
  • Asianux Server 3.0 (x86-64)
Red Hat, Inc.
  • Red Hat Enterprise Linux 5 (server)
  • Red Hat Enterprise Linux 2.1 (as)
  • Red Hat Enterprise Linux 3 (as)
  • Red Hat Enterprise Linux 4 (as)
  • Red Hat Enterprise Linux 2.1 (es)
  • Red Hat Enterprise Linux 3 (es)
  • Red Hat Enterprise Linux 4 (es)
  • Red Hat Enterprise Linux 2.1 (ws)
  • Red Hat Enterprise Linux 3 (ws)
  • Red Hat Enterprise Linux 4 (ws)
  • Red Hat Enterprise Linux Desktop 3.0
  • Red Hat Enterprise Linux Desktop 4.0
  • Red Hat Enterprise Linux Desktop 5.0 (client)
  • Red Hat Linux Advanced Workstation 2.1
  • RHEL Desktop Workstation 5 (client)
FUJITSU
  • FUJITSU PC-X

Impact

An attacker with an established, authenticated connection to the X server could execute arbitrary code with the privilege of X server process or cause the server to crash.
Solution

[Update the Software]
Apply the latest updates provided by the vendors.
Vendor Information

Canonical Fedora Project Gentoo Foundation, Inc. IBM Corporation
  • IBM Support Document : 4136
Mandriva, Inc. openSUSE project SUSE X.Org Foundation XFree86 Project Apple Inc. Sun Microsystems, Inc.
  • Sun Alert Notification : 103192
Hewlett-Packard Development Company, L.P MIRACLE LINUX CORPORATION
  • Asianux Technical Support Network : libXfont-1.2.2-1.0.3AXS3 (Japanese)
  • MIRACLE LINUX Update Information : 1209 (Japanese)
  • MIRACLE LINUX Update Information : 1230 (Japanese)
  • MIRACLE LINUX Update Information : 1347 (Japanese)
Red Hat, Inc. FUJITSU
CWE (What is CWE?)

  1. Buffer Errors(CWE-119) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2008-0006
References

  1. JVN : JVN#88935101
  2. National Vulnerability Database (NVD) : CVE-2008-0006
  3. IPA SECURITY ALERTS : Security Alert for X.Org Foundation X Server Vulnerability
  4. US-CERT Cyber Security Alerts : SA08-079A
  5. US-CERT Vulnerability Note : VU#203220
  6. US-CERT Technical Cyber Security Alert : TA08-079A
  7. Secunia Advisory : SA28532
  8. SecurityFocus : 27352
  9. SecurityTracker : 1019232
  10. FrSIRT Advisories : FrSIRT/ADV-2008-0179
  11. JVN iPedia (Japanese) : JVNDB-2008-001043
Revision History

  • [2008/06/13]
      Web page published
    [2008/07/11]
      Affected Products : Added FUJITSU. (JVN#88935101).
      Vendor Information : FUJITSU. (JVN#88935101).
    [2008/11/21]
      Affected Products : Added MIRACLE LINUX CORPORATION (1347).
      Affected Products : Added Hewlett-Packard Development Company, L.P (HPSBUX02381).
      Vendor Information : Added MIRACLE LINUX CORPORATION (1347).
      Vendor Information : Added Hewlett-Packard Development Company, L.P (HPSBUX02381).